Certified Chief Information Security Officer (CCISO) — Question 33
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
Answer options
- A. ISO 27001
- B. ISO 27004
- C. PRINCE2
- D. ITILv3
Correct answer: B
Explanation
ISO 27004 is specifically designed to provide guidelines for measuring the effectiveness of an Information Security Management System, making it the most suitable choice. ISO 27001 focuses on establishing and maintaining the ISMS, while PRINCE2 and ITILv3 are project management and IT service management frameworks, respectively, and do not directly address security metrics.